/**
 * 所有版权归 广西梧州 陈锦韬 所有
 *
 * @Title: RxOAuth2ResourceServerConfig
 * @Package com.rx.core.bean
 * @Description: 资源服务配置
 * @author: 陈锦韬
 * @date: 2020\6\8 0008
 * @version V1.0
 * @Copyright: 2020 陈锦韬  All rights reserved.
 */
package com.rx.zuul.bean;

import com.rx.core.bean.RxConfigBean;
import com.rx.core.enm.RX_ENABLE;
import com.rx.zuul.filter.RewriteAccessDenyFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.DefaultOAuth2ExceptionRenderer;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.error.OAuth2ExceptionRenderer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

/**
 * @author: Administrator
 * @Description: 资源服务配置
 * @date: 2020\6\8 0008
 */
@Configuration
@EnableResourceServer
@Order(160)
public class RxOAuth2ResourceServer extends ResourceServerConfigurerAdapter {

    public static final String RESOURCE_ID="res1";
    @Autowired
    private TokenStore tokenStore;

    @Autowired
    private RxConfigBean rxConfigBean;

    @Autowired
    private RewriteAccessDenyFilter accessDeniedHandler;

    protected String getResourceId(){
        return RESOURCE_ID;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        if(!RX_ENABLE.isEnable(rxConfigBean.getRxCommonOAuthEnable())){
            return;
        }
        resources.resourceId(getResourceId())
                // JWT
                .tokenStore(tokenStore)
                //.tokenServices(tokenService()) //验证令牌服务
                .stateless(true);
        super.configure(resources);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        if(!RX_ENABLE.isEnable(rxConfigBean.getRxCommonOAuthEnable())){
            http    .authorizeRequests()
                    .anyRequest().permitAll()
                    .and().csrf().disable()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            return;
        }
        http    .authorizeRequests()
                //.anyRequest().permitAll()
                .antMatchers("/api/uua/oauth/**").permitAll()
                .antMatchers("/api/uua/rx-standard-api/single/uua-local-info/standard/search-list").permitAll()
                .antMatchers("/api/uua/common/**").permitAll()
                .antMatchers("/login/**").permitAll()
                //.antMatchers("/api/uua/rx-standard-api/**")
                //.access("#oauth2.hasScope('ROLE_ADMIN')")


                //.antMatchers("/api/oa/**")
                //.access("#oauth2.hasScope('ROLE_ADMIN')")
                .anyRequest().access("#oauth2.hasScope('ROLE_ADMIN')")
                .and().csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // 自定义异常返回
        ResourceServerSecurityConfigurer configurer = http.getConfigurer(ResourceServerSecurityConfigurer.class);
        OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
        OAuth2ExceptionRenderer oAuth2ExceptionRenderer = new RxOAuth2ExceptionRenderer();
        authenticationEntryPoint.setExceptionRenderer(oAuth2ExceptionRenderer);
        configurer.authenticationEntryPoint(authenticationEntryPoint);

        //http.exceptionHandling().getAuthenticationEntryPoint();
    }

}
